Apache – CVE-2008-2939

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to ‘mod_proxy_ftp globbing XSS’.
The flaw is in the ‘mod_proxy_ftp’ module, in the source file ‘proxy_ftp.c’ or ‘mod_proxy_ftp.c’ depending on the Apache branch.

CVE-2008-2939 is categorized as an ‘Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting)’ vulnerability (CWE-79).
Improper Neutralization of Input During Web Page Generation occurs when the software does not neutralize or incorrectly neutralizes user-controllable input before it’s placed in output that is used as a web page that is served to other users.

By abusing the vulnerability in the module, remote attackers can inject arbitrary web script or HTML using a wildcard in the last directory component of the pathname in an FTP URI.

This vulnerability could allow attackers to modify system files and information.

Recommendation

To fix CVE-2008-2939, upgrade the version of Apache HTTP Server being used to either 2.2.10 or 2.0.64.
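
A triage sketch for this finding, added here as an example and not part of Kayran's scanner or the Apache project's code: it compares a Server banner against the fixed releases named above and, as an extra step assumed for this example, checks `apachectl -M` style output for `proxy_ftp_module`. The function names and the sample inputs are constructed for illustration.

```python
import re

# Fixed releases named in the Recommendation, keyed by (major, minor) branch.
FIXED = {(2, 2): (2, 2, 10), (2, 0): (2, 0, 64)}

def parse_banner(banner):
    """Return (major, minor, patch) from a header such as 'Apache/2.2.9 (Unix)'."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner or "")
    return tuple(int(g) for g in m.groups()) if m else None

def proxy_ftp_loaded(module_listing):
    """True if 'apachectl -M' style output lists proxy_ftp_module."""
    return any(line.split()[:1] == ["proxy_ftp_module"]
               for line in module_listing.splitlines())

def assess(banner, module_listing=None):
    """Classify a host from its banner and, optionally, its module listing."""
    version = parse_banner(banner)
    if version is None:
        # e.g. 'ServerTokens Prod' hides the version, or it is not Apache httpd.
        return "unknown: no Apache version in banner"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown: branch not covered by this advisory"
    if version >= fixed:
        return "fixed: at or above %d.%d.%d" % fixed
    # Below the fixed release. A banner cannot show vendor-backported patches,
    # so check the package changelog before treating the result as final.
    if module_listing is not None and not proxy_ftp_loaded(module_listing):
        return "affected version, mod_proxy_ftp not loaded"
    return "affected: upgrade as recommended"

# Constructed sample inputs (not taken from a real host).
MODULES_WITH_FTP = ("Loaded Modules:\n core_module (static)\n"
                    " proxy_module (shared)\n proxy_ftp_module (shared)\n")
MODULES_WITHOUT_FTP = ("Loaded Modules:\n core_module (static)\n"
                       " proxy_module (shared)\n")

if __name__ == "__main__":
    samples = [("Apache/2.2.9 (Unix)", MODULES_WITH_FTP),
               ("Apache/2.0.63", MODULES_WITHOUT_FTP),
               ("Apache/2.2.10 (Unix)", None),
               ("Apache", None)]
    for banner, modules in samples:
        print("%-22s -> %s" % (banner, assess(banner, modules)))
```
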

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

https://cwe.mitre.org/data/definitions/79.html
